Facebook Users Targeted In Phishing Assault
"In many ways, this isn't any different than any type of phishing attack," said Kevin Haley, director of Symantec Security Response. "But people tend to be a little bit more trusting and off-guard when they're pushing a link that they think a friend gave them."
In the recent Facebook attack, the attackers used compromised accounts to send each victim's Facebook friends a message containing an embedded link and a short prompt such as "check 151.im"; variants of the message pointed to 121.im and 123.im.
Once users open the link, they land on a page that mimics the Facebook login form and prompts them to enter their credentials again. The page is a spoof, built to capture the username and password. Security experts said the stolen credentials would then likely be used to compromise more accounts and send spam soliciting pharmaceuticals and other products.
"(The scam) operated a little bit like a Ponzi scheme," Haley said. "Some accounts were compromised and they were used to compromise other accounts. It grew and expanded."
Facebook confirmed the attack late Thursday and said it was repairing the damage and blocking compromised accounts, Reuters reported.
While the phishing attack does not, so far, appear to distribute malware, Haley said the attackers could reuse the stolen Facebook usernames and passwords to break into other accounts, including financial ones, that are protected by the same password, for identity-theft purposes.
"You've just given them access to two very important things of yours," Haley said. "People need to resist that urge to use the same passwords everywhere. They need to make them unique."
There are some telltale signs that the redirected login page is actually a phishing attack. Haley said that the URL of the spoofed login page does not end with Facebook.com; the part to check is the host name shown in the browser's address bar, since a phishing link can contain "facebook.com" elsewhere in the address. He also advised users to be wary of links that redirect them to a page requesting login information, especially if they have already logged in.
"Unless you directly went to the (intended) site, be very suspicious and take a look at those (login) sites," he said.
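The host-name check described above, written out as an added example (this code is not from the article, Symantec or Facebook). It assumes that only facebook.com and its subdomains are legitimate login hosts, and the sample links are constructed for illustration, modelled on the short 151.im-style domains the article mentions plus common look-alike tricks that the article does not discuss. It also shows why a plain "ends with facebook.com" test on the URL string is not enough: it rejects the real login page (whose URL ends in a path) and accepts a look-alike domain.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Assumption for this example: only this domain and its subdomains are legitimate.
LEGITIMATE_DOMAINS = ("facebook.com",)


def naive_suffix_check(url: str) -> bool:
    """The literal 'URL ends with facebook.com' test.

    Kept here only to show its failure modes; do not use it for real decisions.
    """
    return url.lower().rstrip("/").endswith("facebook.com")


def hostname_of(url: str) -> Optional[str]:
    """Return the lowercased host name of a URL, or None if it has none.

    urlsplit().hostname strips the scheme, any user@ prefix and the port,
    so 'http://www.facebook.com@example.net/' yields 'example.net'.
    """
    if "://" not in url:
        url = "http://" + url  # bare 'check 151.im' style links have no scheme
    return urlsplit(url).hostname


def is_legitimate_host(hostname: str, domains=LEGITIMATE_DOMAINS) -> bool:
    """True only if the host is the domain itself or a subdomain of it.

    The '.' boundary matters: hostname.endswith('facebook.com') alone would
    accept 'evilfacebook.com'.
    """
    return any(hostname == d or hostname.endswith("." + d) for d in domains)


def classify_login_url(url: str) -> Tuple[bool, str]:
    """Return (is_suspicious, reason) for a link that leads to a login form."""
    host = hostname_of(url)
    if not host:
        return True, "no host name in link"
    if is_legitimate_host(host):
        return False, "login page served from " + host
    return True, "login page served from " + host


# Constructed sample links (not URLs taken from the incident).
SAMPLES = [
    "http://151.im/abc",                                # short domain, as in the article
    "https://www.facebook.com/login.php",               # the real login page
    "http://www.facebook.com.example.net/login",        # look-alike subdomain
    "http://evilfacebook.com/login",                    # look-alike registrable domain
    "http://www.facebook.com@example.net/login",        # userinfo trick
    "http://example.net/www.facebook.com/login.php",    # brand name in the path only
]

if __name__ == "__main__":
    for link in SAMPLES:
        suspicious, reason = classify_login_url(link)
        print(f"{'SUSPICIOUS' if suspicious else 'ok        '}  {link}  ({reason}); "
              f"naive suffix test says {'ok' if naive_suffix_check(link) else 'suspicious'}")
```

Only the first sample resembles the article's links; the rest are there to show that parsing the host and matching it against the expected registrable domain catches cases the suffix test gets backwards.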
To further protect themselves, users should also keep their Web browser up to date and apply operating system patches promptly.
This latest Facebook phishing scheme is just another in a growing list of phishing and malware attacks targeting the popular social networking site. Facebook was hit earlier this year by a worm known as Koobface, which infected millions of users with information-stealing malware.
Researchers at security company SophosLabs found in a survey that 33 percent of respondents said they've been spammed on social networking sites, while more than 20 percent have been the victims of targeted phishing or malware attacks.
"As cybercriminals choose to exploit these sites for nefarious purposes, both innocent users and companies are finding themselves in the firing line," said Graham Cluley, senior technology consultant at Sophos, in a blog post. "But until users wise up to the dangers and firms begin to take precautionary measures to combat these threats, the situation will intensify."